如何将docker容器ip暴露给外网？

Question

i want to expose the container ip to the external network where the host is running so that i can directly ping the docker container ip from an external machine. If i ping the docker container ip from the external machine where the machine hosting the docker and the machine from which i am pinging are in the same network i need to get the response from these machines

Answer 1

Pinging the container's IP (ie the IP it shows when you look at docker inspect [CONTAINER] ) from another machine does not work. However, the container is reachable via the public IP of its host.

In addition to Borja's answer, you can expose the ports of Docker containers by adding -p [HOST_PORT]:[CONTAINER_PORT] to your docker run command.

Eg if you want to reach a web server in a Docker container from another machine, you can start it with docker run -d -p 80:80 httpd:alpine . The container's port 80 is then reachable via the host's port 80 . Other machines on the same network will then also be able to reach the webserver in this container (depending on Firewall settings etc. of course...)

Answer 2

Since you tagged this as kubernetes :

You cannot directly send packets to individual Docker containers. You need to send them to somewhere else that's able to route them. In the case of plain Docker, you need to use the docker run -p option to publish a port to the host, and then containers will be reachable via the published port via the host's IP address or DNS name. In a Kubernetes context, you need to set up a Service that's able to route traffic to the Pod (or Pods) that are running your container, and you ultimately reach containers via that Service.

The container-internal IP addresses are essentially useless in many contexts. (They cannot be reached from off-host at all; in some environments you can't even reach them from outside of Docker on the same host.) There are other mechanisms you can use to reach containers ( docker run -p from outside Docker, inter-container DNS from within Docker) and you never need to look up these IP addresses at all.

Your question places a heavy emphasis on ping (1). This is a very-low-level debugging tool that uses a network protocol called ICMP. If sending packets using ICMP is actually core to your workflow, you will have difficulty running it in Docker or Kubernetes. I suspect you aren't actually. Don't worry so much about being able to directly ping containers; use higher-level tools like curl (1) if you need to verify that a request is reaching its container.

Answer 3

It's pretty easy actually, assuming you have control over the routing tables of your external devices (either directly, or via your LAN's gateway/router). Assuming your containers are using a bridge network of 172.17.0.0/16, you add a static entry for the 172.17.0.0/16 network, with your Docker physical LAN IP as the gateway. You might need to also allow this forwarding in your Docker OS firewall configuration.

After that, you should be able to connect to your docker container using its bridge address (172.17.0.2 for example). Note however that it will likely not respond to pings, due to the container's firewall.

If you're content to access your container using only the bridge IP (and never again use your Docker host IP with the mapped-port), you can remove port mapping from the container entirely.

Answer 4

You need to create a new bridge docker network and attach the container to this network. You should be able to connect by this way.